Securing and governing cloud APIs
DESCRIPTION
A look at why APIs matter in the Cloud and their unique security challenges
TRANSCRIPT
Securing and governing cloud APIs
Rag Ramanathan, Director of Product Management, APIs
Savvis Proprietary & Confidential 2
Nearly 2,500 unique clients, including more than 32 of the top 100 companies in the Fortune 500
Savvis is Positioned in the Leaders Quadrant
The Gartner Magic Quadrant for Public Cloud Infrastructure as a Service
Gartner, Inc., Magic Quadrant for Public Cloud Infrastructure as a Service, Lydia Leong, Ted Chamberlin, December 8, 2011. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Savvis.
Secure Facilities, Enterprise Equipment, Intelligent Management Tools
· Managed Storage and Backup
· Managed Security
· Managed Network
· Professional Services
· Proximity Hosting
· Managed Applications
· Web Hosting
· SaaS Enablement
· Business Continuity
· Content Management
· Colocation
· Intelligent Monitoring
· Managed Hosting (Dedicated)
· Savvis Symphony (Dedicated and Multi-Tenant Clouds)
Virtual Private Data Center (VPDC)
· VPDC Portal – Topology Designer
· Technical & Business End-User Self-Service Provisioning
· Savvis Symphony VPDC Orchestration and Provisioning
· Automated Provisioning
· Savvis Data Center Infrastructure
Architecture Overview
· Compute Resources
· Data Center Fabric
· Network Services
· Security Services
· Storage Resources
· Portal
· Business Orchestration / Service Fulfillment
· Cloud Orchestration
· Cloud Infrastructure
· Cloud Database
· API
· SLA Management
· Event Management
· Incident Management
· Middleware
· Systems Management – Service Support
· Proxy
Supporting multiple channels?
· Savvis Web Portal
· API
· Web Portal
· Smartphones
· Tablets
· Customer Apps
· ISV Partner Apps
· Reseller Apps
Why APIs?
Forrester Analyst @chenxiwang: “Road to the Cloud is through APIs”
• Benefits of the Cloud are driven by automation
• Automation needs integration
• APIs are the only way to do cloud integration
• Customers and partners are demanding more APIs
• ISVs, CSBs, SaaS marketplaces need APIs
• APIs help in quicker internal and external application delivery
So we offer cloud APIs
· For IaaS, based on the vCloud API specification
· With additional Savvis feature-specific APIs
· Initially offered to a handful of customers as a beta offering
· Learnt and matured our APIs
· Customers did “pen tests” and requested enhancements
· More customers and partners are using APIs, and demand continues to grow
API Challenges
Security
• Authorization
• Basic firewall
• DDoS
• SSL for service end points
• Audit logs
Governance
• Availability
• Performance
• Protection
• Meeting SLAs
• Maintain QoS
• Audit trails
• Reporting
API Security & Governance Is Bigger
>> Credential caching & expiration
>> OAuth support
>> Common authentication & authorization across all services
Security Penetration Protection
• Code injection
• Malformed requests
• SQL attacks
Message Protection
• XML DOCTYPE insertion
• XML document structure
• Limit msg size
Traffic Control
• Rate limit
• Tiered service levels
• Automatic retries
>> IP restrictions
>> Reporting and analytics
And more...
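As an added example (not code from the deck or from Savvis's gateway), a minimal policy layer that enforces three of the controls listed above: message protection (reject XML carrying a DOCTYPE, cap the message size), traffic control (tiered rate limits via a token bucket) and IP restrictions. The tier rates, size cap, allowed networks and the Gateway/TokenBucket names are constructed for illustration.

```python
import re
import time
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy values (not Savvis's): requests per second per tier,
# a body-size cap, and the client networks permitted to call the API.
TIERS = {"bronze": 2.0, "silver": 10.0, "gold": 50.0}
MAX_BODY_BYTES = 64 * 1024
ALLOWED_NETS = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]
_DOCTYPE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


@dataclass
class TokenBucket:
    """Per-API-key token bucket: `rate` tokens/s, burst capped at `rate`."""
    rate: float
    tokens: float
    updated: float

    def take(self, now: float) -> bool:
        self.tokens = min(self.rate, self.tokens + (now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gateway:
    """Hypothetical policy enforcement point sitting in front of the cloud API."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so behaviour is testable
        self.buckets = {}           # api_key -> TokenBucket

    def check(self, api_key: str, tier: str, client_ip: str, body: bytes):
        """Return (allowed, reason). Cheap IP and message checks run first,
        so rejected payloads never consume a client's rate-limit quota."""
        if not any(ip_address(client_ip) in net for net in ALLOWED_NETS):
            return False, "ip_restricted"
        if len(body) > MAX_BODY_BYTES:
            return False, "msg_too_large"
        if _DOCTYPE.search(body):           # DOCTYPE enables entity expansion
            return False, "doctype_rejected"
        rate = TIERS[tier]
        now = self.clock()
        bucket = self.buckets.setdefault(api_key, TokenBucket(rate, rate, now))
        if not bucket.take(now):
            return False, "rate_limited"
        return True, "ok"
```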
…along with
>> Common API security
>> Common logging and auditing
>> Reporting and analytics
>> Support for multiple versions
>> Protocol transformation
>> Delegated policy authoring
>> Best practices based common policy libraries
>> Centralized policy release and enforcement
>> Internal systems integration (OSS, BSS, CMDB)
API Security & Governance Layer Using Layer 7 Gateway
Common API and SOA Governance for Cloud
VPDC Portal, OSS, Storage
Policy: • Throttling • Monitoring
Reporting: • Usage • Billing
Security: • Authentication • Authorization
API / SOA / Cloud Governance Gateway
Layer 7 Deployment
Lessons Learned & Recommendations
>> APIs drive more cloud traffic than web sites
>> Take API-first design approach
>> Drive toward a common framework
> Configuration based and not development based
> Supports flexible and distributed deployment models
> Extensible
>> Be prepared to handle special requests
>> Do thorough testing of APIs for security
>> Look at Security & Gov Gateway for Cloud
Next steps
• Add internal API gateway
• OAuth for external APIs
• Quota and rate-limit by specific APIs
• Developer portal
Thank you.
· Want to work on cloud APIs?
– We are hiring
– http://www.Bit.ly/savvis_pm
Contact: [email protected]; @ragram